Rogue AP Containment Overview
The Cisco DNA Center Rogue AP Containment feature contains the wired and wireless rogue APs. In case of wired rogue AP containment, Cisco DNA Center brings the ACCESS mode switchport interface to the DOWN state in which the rogue AP is attached. In case of Wireless Rogue AP Containment, Cisco DNA Center instructs the strongest detecting wireless controller to initiate containment on wireless rogue BSSIDs. The wireless controller, in turn, instructs the strongest detecting APs for those BSSIDs to stream the deauthentication packets to disrupt the communication between the rogue APs and the wireless clients of that rogue AP.
Rogue AP containment is further classified as:
-
Wired Rogue AP Containment: The rogue AP MAC addresses classified as Rogue on Wire on the Cisco DNA Center rogue threat dashboard.
-
Wireless Rogue AP Containment: The rogue AP MAC addresses classified as Honeypot, Interferer, or Neighbor on the Cisco DNA Center rogue threat dashboard.
Rogue AP containment is supported on Cisco AireOS Controllers and Cisco Catalyst 9800 Series Wireless Controllers.
Note |
Containment is not supported on aWIPS threats. |